The present invention relates to the field of information and document management, and more specifically, to protecting documents at rest and in motion using declarative policies and encryption.
Controlling access to a document is typically the role of an operating system. Modern operating systems provide rudimentary access control mechanisms such as file system attributes or access control lists (ACLs) which limit access to a file on a file system directly attached to the host of the operating system. When a computer is connected to a network, the task of protecting documents on a computer becomes more complicated. To protect data on a networked computer, consideration is given to protecting data-at-rest (e.g., data stored on a storage device), data-in-motion (e.g., data that is being transmitted and has not yet reached its destination), and discrepancies introduced by a heterogeneous operating environment (e.g., different capabilities and limitations of operating systems and file systems). As more users have access to data stored on a networked computer, more sophisticated access and usage control may be desired.
Document management systems provide additional control and protection to documents especially on a computer network. A document management system may require a document to be checked in to a document management repository in order to be protected. To read or change a document in a document management repository, a user may check out a document from a document management repository. Once a document is checked out, protection offered by a document management system may cease. As a result, protection offered by a document management system may be limited to documents residing in a document management repository but not copies of the documents retrieved from a document management repository.
To keep data protected at all times, encryption may be applied before a document is stored or transmitted. While encryption's ability to protect information is desirable, common encryption techniques have their share of shortcomings. For example, most encryption algorithms are computationally expensive, and encrypting a large document can be time consuming. Moreover, managing the encryption keys of a large number of documents, securing encryption keys, and keeping encryption keys available at all times can be very complicated.
A popular application of encryption is an encrypted file system. In an attempt to address a limitation of operating system-based access control, where files on a storage device are left unprotected when an operating system is disabled (or bypassed) or a storage device is removed from a host computer, many modern operating systems support file system encryption. On an encrypted file system, either all or selected files are encrypted before the files are saved to a storage device (e.g., hard disk or Flash drive). Encryption keys used to encrypt files are managed by the operating system, whereby encryption and decryption of files are largely transparent to users. While an encrypted file system is desirable for some applications, files on an encrypted file system may become unprotected when they are copied or moved from the encrypted file system. For example, if a user copies a file from an encrypted file system to a file system that does not support file encryption, the copy of the file at the destination is left unprotected. Further, an encrypted file system does not protect data-in-motion (e.g., when a file on a file server is opened by a client computer on the network), and an encrypted network protocol must be used to protect the content of a file being transmitted.
Some application programs offer document encryption via a proprietary encrypted document format (e.g., Microsoft Word®, Microsoft Excel®, Adobe Acrobat®). While application-specific encryption offers a convenient, easy to deploy document protection solution, such a solution may be difficult to manage as it lacks a sophisticated encryption key management infrastructure. For example, an application-specific encryption solution may require a user to explicitly save a document in an encrypted format and maintain a password to open the document at a later time. As a result, document protection is not transparent to the user. In addition, application-specific encryption is tied to one application program, so it cannot be applied to protect documents not associated with that application program.
Another popular use of encryption can be found in digital rights management (DRM) solutions. Unlike a document management system, which is designed to protect source (or original) documents, DRM is designed specifically to protect renditions (or derivatives) of a source document in distribution. Common DRM solutions have licensing information embedded in the document being distributed, and rely on a custom reader (or player) or custom application plug-in to control access, limit the rights assigned to a particular user or a particular distribution (e.g., do not allow access to content after it expires, do not allow copying content to the clipboard, or do not allow printing of content), and track usage. DRM solutions are designed to protect renditions of a document in distribution, where a rendition does not change after it is produced. In contrast, enterprise information management solutions must manage frequently changing documents along with frequently changing access and usage rights to those documents. As a result, DRM solutions designed to protect documents in distribution may not work well in managing source documents in an enterprise. Another shortcoming of DRM solutions is that they may not protect documents that are not encrypted.
It would be advantageous for an information management system to offer the benefits of sophisticated policy-based document access and usage control together with the full-time content protection offered by encryption. It would further be advantageous to perform encryption and decryption automatically without user intervention. It would also be advantageous to encrypt confidential documents at rest and in motion. It would also be advantageous to associate an encryption service with a policy enforcer of an information management system so that encrypted documents are portable across operating systems and file systems. It would also be advantageous to have an encrypted document that is not dependent on a particular application program. It would also be advantageous to have an encryption service that is transparent to application programs (such as Microsoft Word®) so that a custom application is not required to read an encrypted document. It would also be advantageous to protect documents in place without requiring a user to check in or check out a document from a document management repository.